If event ID 7062 logs on your DNS server, it will appear as follows:
DNS Server encountered a packet addressed to itself -- IP address<actual IP address>. The DNS server should never be sending a packet to itself. This situation usually indicates a configuration error.
Check the following areas for possible self-send configuration errors:
1) Forwarders list. (DNS servers should not forward to themselves).
2) Master lists of secondary zones.
3) Notify lists of primary zones.
4) Delegations of subzones. Must not contain NS record for DNS server.
Step 4 of event ID 7062 may lead you to conclude that for the event to be triggered, a primary DNS server must create a delegation of a subdomain. However, the root DNS servers maintain the .com, .net, and other domains. Additionally, the root DNS servers delegate the namespace under those domains to other DNS servers. Therefore, although your DNS server may be the primary DNS server for example.com, your DNS server has been delegated that responsibility by the ".com" DNS server or servers.
This means that if you have registered a domain with the NSFnet Network Information Center (InterNIC), and they delegate that domain to your DNS server, it is your responsibility to make sure that your DNS server can handle all requests for the registered domain.
For example, you have a DNS server at dns.example.com, and you have recently registered example.org with InterNIC. After InterNIC delegates example.org to your DNS server, you must create a zone file that can answer queries for example.org.
The following hypothetical sequence of events describes how event ID 7062 may continue to log to your DNS server if you have not configured it to maintain zone files for domains that you have registered.
- A client computer tries to contact www.example.org. The client computer sends a query for www.example.org to the root servers. The root servers determine that the Start of Authority (SOA) for example.org is the DNS server dns.example.com at IP address 10.1.1.1. IP address 10.1.1.1 is your DNS server.
- The client computer sends a request to 10.1.1.1 for www.example.org. Your DNS server examines its zone files and determines that it is not the SOA for example.org because it does not have a zone file for www.example.org.
- Your DNS server sends an iterative query for example.org to the root servers.
- The root servers respond to the iterative query from your DNS server by telling your DNS server that the SOA, or owner of the domain, for example.org is at 10.1.1.1. Your DNS server examines itself for the answer to the query, and does not find one.
- If the root hints that are in Windows 2000 point to the same computer, event ID 7062 will log.For additional information about replacing the existing root hints with the default root hints, click the following article number to view the article in the Microsoft Knowledge Base:249868 Replacing root hints with the Cache.dns file
Note Event ID 7062 will log even when zone transfers are disabled. For more information about this behavior, see "Event ID 7062 logs even when zone transfers are disabled" in the More Information section.
How to find the actual requested domainsTo find the actual requested domains, you must debug your DNS server.
When you have the log file open, search for "7062." This search should bring you to the first error. After you find the error, scroll up. A DNS query log looks similar to the following code.
The following describes what occurs during the important phases of this log:
dns_ProcessMessage() for packet at 00A5E524.
dns_AnswerQuestion() for packet at 00A5E524.
Node for (3)www(10)mycompany(3)com(0) NOT in database.
Closest node found"com."
Encountered non-authoritative node with no matching RRs.
dns_ProcessMessage() for packet at 00A5EAC4.
Processing response packet at 00A5EAC4.
Packet contains RR for authoritative zone node: "dns.hello.com."
-- ignoring RR.dns_ContinueCurrentLookup() for query at 00A5E524.
dns_AnswerQuestion() for packet at 00A5E524.
dns_AnswerQuestionFromDatabase() for query at 00A5E524
node label = www
question type = 0x0001
ERROR: Self-send to address 10.1.1.1!!!
Log EVENT message 7062 (80001B96):
- The DNS query log starts with dns_ProcessMessage().
- The node for the request is www.example.org.
- Your DNS server cannot handle the request Encountered non-authoritative node.
- Your DNS server sends a dns_ProcessMessage to the root servers.
- The root servers send a response packet, Processing response packet, to your DNS server. This response indicates that your DNS server is the SOA for example.org.
- Your DNS server ignores the response packet.
- Event ID 7062 logs on your DNS server.
Event ID 7062 logs even when zone transfers are disabledImportant This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
Event ID 7062 will log even if zone transfers are disabled if the Notifyoption has been configured to notify a DNS server or servers that are listed on the Name Servers tab.
By default, a Windows 2000-based primary DNS server that has multiple zones is configured to notify the servers that are listed on the Name Servers tab.
Note Disabling zone transfers does not disable the Notify option. If the Notifyoption is set to notify a DNS server or servers that are listed on the Name Servers tab, it will continue to do this.
To disable zone transfers, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Zones\ZoneName
- In the right pane, right-click NotifyLevel, and then click Modify.
- Type 0, and then click OK.
- Quit Registry Editor.
ID d'article : 235689 - Dernière mise à jour : 15 mars 2008 - Révision : 1